Coffeehouse Thread

28 posts


SELinux Vs Windows Security

  • kalyanakrishna

    Team @ Microsoft,

    Could you please prepare a document comparing the security implementations of Windows 2000 / 2003 series (2003 in particular) and SELinux?

    Since SELinux is being hailed for its security enhancements, and I strongly believe it closely resembles the implementation of Windows.

    I think this will help a lot of developers and potential customers.

    Thank You.

    Kalyan

  • Manip

    SELinux is good ... But normal Linux and Windows 2003 can be compared. I think most would agree that the security model in Linux is better. That is mainly because it is newer and because they haven't had to maintain backwards compatibility with anything.

  • msemack

    Manip wrote:
    I think most would agree that the security model in Linux is better. That is mainly because it is newer and because they haven't had to maintain backwards compatibility with anything.


    I wouldn't agree.  The Linux/Unix/POSIX security model is nowhere near as fine grained as the NT one.  Not so sure about SELinux.

    Remember, Linux is inheriting security from Unix, which is very old.  NT's security model is relatively new.

    Here's a good article covering some of the architectural differences between NT and Unix.

    http://www.winnetmag.com/Windows/Articles/ArticleID/4500/pg/1/1.html

    It's a bit dated, but it's still accurate, and very technical.

    Here are two (older) articles that cover the inner workings of the NT security system:
    http://www.winnetmag.com/Windows/Articles/ArticleID/3143/pg/1/1.html
    http://www.winnetmag.com/Article/ArticleID/3492/3492.html

  • Manip

    msemack wrote:
    I wouldn't agree.  The Linux/Unix/POSIX security model is nowhere near as fine grained as the NT one.  Not so sure about SELinux.


    What does that mean? 'fine grained'?

  • Tom Malone

    The fact all links are from an NT source is at all suggestive.

    There have been a series of high profile Windows vulnerabilities; the updates have been available to users for some time. Yet users are not downloading them. Hmmm, really secure.

    Assuming we are talking about enterprise standard, my RHEL workstation has a big flashing exclamation mark when updates are available; you click, type in the root password, and it downloads and installs them, very quick and easy. Silly things like this make Linux more secure in my opinion.

  • Jeremy W

    Which is available in XP SP2, Tom :)

  • msemack

    Manip wrote:


    What does that mean? 'fine grained'?


    The Unix (and Linux) security model is relatively simple.  There are three layers: User, Group and Other.

    NT provides a very sophisticated set of ACLs that lets you define permissions as broadly or specifically as you want.  You can block access based on individual users if you want.

    Various commercial Unixes have their own proprietary ACL systems, but they are non-standard.

    Also, there's all the controls of Active Directory, which Linux simply does not have.  The closest thing are the bits that Novell is offering, but they're "not quite there yet".

  • msemack

    Tom Malone wrote:
    The fact all links are from an NT source is at all suggestive.


    No it's not.  Read the articles.  They are incredibly well-balanced and free of opinion.  That's why I chose them as opposed to an article from, say, Paul Thurrott.

    Tom Malone wrote:

    There have been a series of high profile Windows vulnerabilities; the updates have been available to users for some time. Yet users are not downloading them. Hmmm, really secure.


    Which says NOTHING about the internal security model of NT.  Or Linux for that matter.

    Buffer Overrun != Flawed Security Model

    A buffer overrun is a simple coding mistake, usually stemming from C's (lack of) runtime checking. It says nothing about the fundamental security model.

    Tom Malone wrote:

    Assuming we are talking about enterprise standard, my RHEL workstation has a big flashing exclamation mark when updates are available; you click, type in the root password, and it downloads and installs them, very quick and easy. Silly things like this make Linux more secure in my opinion.


    And this is different from Windows XP and Window 2000 SP4, how?

  • Mike Dimmick

    Tom, you're not differentiating between security model and secure implementation. Windows has had vulnerabilities. So has Linux. If you haven't been watching, Windows also has automatic updates, but the original default was to download, but not install them automatically. Windows 2000 gained Automatic Updates as of SP3. Many users turned off the feature to "retain control over their systems", but didn't then take responsibility for applying the updates.

    This thread is talking about the security model - the features of the system which allow administrators and users to control who has access to which system resources (including files, registry entries, etc). Both 'standard' Linux and Windows offer discretionary access controls - the owner of an object controls who else can access it and what they can do. Windows is more flexible here because you can add an arbitrary number of principals to an ACL, and the number of permission bits is far greater. As far as I'm aware Linux has no access controls for kernel objects, beyond the usual root-privileged/user-unprivileged situation. Windows has ACLs, which are enforced, on its kernel objects.

    SELinux apparently adds mandatory access controls on kernel objects. The difference between these and discretionary access controls is that only an administrator can modify MACs - there is no 'owner' concept. MACs are required to meet the higher government certifications.

  • msemack

    Here's some good reading on the innards of NT's security model.  This paper covers the features of NT4, and how they were improved for Windows 2000.

    http://www.cs.washington.edu/homes/mikesw/papers/win2kacl.pdf

    Compare that to:

    http://www.linuxquestions.org/questions/answers.php?action=viewarticle&artid=20

  • msemack

    Mike really hit the nail on the head.  You summed it up a heck of a lot better than I was trying to.

  • Tom Malone

    There is little point having a security model if simple things like patching are not done. I accept that as of SP2 things are a lot better on Windows. But I disagree; the way patching is done is integral to the internal security of the OS.

  • Keskos

    Manip wrote:
    SELinux is good ... But normal Linux and Windows 2003 can be compared. I think most would agree that the security model in Linux is better. That is mainly because it is newer and because they haven't had to maintain backwards compatibility with anything.


    Dude, before saying Linux is better, investigate what security is all about. Linux is backwards compatible; what the hell are you talking about? It is standard POSIX, Unix. The security model on Windows 2003 is, as another poster said, more fine grained, using access control lists. On Unix there are 3 layers. You can't share your folder with your friend Joe in the same group; you have to share it with the whole group Joe is in, assuming that you are in the same group as well.

    However, you can patch Linux for access control lists. At the end windows 2003 is more secure for sure.
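To make msemack's "fine grained" point and Keskos's "share it with Joe" case concrete, here is an added example that is not code from the thread: a toy model of the classic Unix mode-bit check beside a simplified NT-style DACL walk. The users alice, joe, bob and mallory, the group staff and every file in it are constructed for illustration; the DACL walk keeps the two ordering quirks a practitioner has to remember (a deny entry only counts for bits not already granted by an earlier allow, and a NULL DACL is "no protection" while an empty DACL is "no access").

```python
# Added example, not code from the thread: a toy model of the two access-check
# algorithms the posters contrast. Users 'alice', 'joe', 'bob', 'mallory', the
# group 'staff' and every file below are constructed for illustration.
from dataclasses import dataclass
from typing import List, Optional, Set

R, W, X = 4, 2, 1  # permission bits shared by both toy models


# --- Unix/POSIX: owner / group / other, and only the first matching class counts
@dataclass
class UnixFile:
    owner: str
    group: str
    mode: int  # e.g. 0o640


def unix_access(f: UnixFile, user: str, groups: Set[str], want: int, uid: int = 1000) -> bool:
    """uid 0 bypasses the mode bits entirely (real kernels still demand at least
    one x bit for execute; ignored here). Everyone else is classified once."""
    if uid == 0:
        return True
    if user == f.owner:
        bits = (f.mode >> 6) & 7
    elif f.group in groups:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return (bits & want) == want


# --- NT-style DACL: an ordered list of allow/deny entries naming arbitrary principals
@dataclass
class Ace:
    kind: str     # "allow" or "deny"
    trustee: str  # a user or group name (a SID on a real system)
    mask: int


@dataclass
class NtObject:
    owner: str
    dacl: Optional[List[Ace]]  # None models a NULL DACL, which protects nothing


def nt_access(obj: NtObject, user: str, groups: Set[str], want: int) -> bool:
    """Walk the DACL in order. An allow ACE for a principal in the token grants
    its bits; a deny ACE that covers any bit still outstanding fails the request;
    the walk stops as soon as every requested bit has been granted."""
    if obj.dacl is None:
        return True               # NULL DACL: anyone gets anything
    token = {user} | groups
    granted = 0
    for ace in obj.dacl:
        if ace.trustee not in token:
            continue
        remaining = want & ~granted
        if ace.kind == "deny" and (ace.mask & remaining):
            return False
        if ace.kind == "allow":
            granted |= ace.mask & want
            if granted == want:
                return True
    return granted == want        # an empty DACL therefore grants nobody anything


def demo() -> dict:
    """Cases that separate the two models; returned so they can be checked."""
    staff = {"staff"}
    unix_f = UnixFile(owner="alice", group="staff", mode=0o640)
    # Alice wants to give Joe, and only Joe, read access:
    nt_f = NtObject("alice", [Ace("allow", "alice", R | W), Ace("allow", "joe", R)])
    # Same intent, but a group deny placed after the user allow (non-canonical order):
    nt_late_deny = NtObject("alice", [Ace("allow", "joe", R), Ace("deny", "staff", R)])
    # Canonical order puts explicit denies first:
    nt_canonical = NtObject("alice", [Ace("deny", "staff", R), Ace("allow", "joe", R)])
    return {
        "unix_joe_reads_via_group": unix_access(unix_f, "joe", staff, R),
        "unix_bob_reads_too": unix_access(unix_f, "bob", staff, R),  # whole group, not just Joe
        "unix_owner_with_000_is_locked_out": unix_access(UnixFile("alice", "staff", 0o070), "alice", staff, R),
        "unix_root_reads_anything": unix_access(UnixFile("alice", "staff", 0o000), "root", set(), R, uid=0),
        "nt_joe_reads": nt_access(nt_f, "joe", staff, R),
        "nt_bob_does_not": nt_access(nt_f, "bob", staff, R),
        "nt_late_deny_is_ignored": nt_access(nt_late_deny, "joe", staff, R),
        "nt_canonical_deny_wins": nt_access(nt_canonical, "joe", staff, R),
        "nt_null_dacl_lets_mallory_write": nt_access(NtObject("alice", None), "mallory", set(), W),
        "nt_empty_dacl_denies_even_owner": nt_access(NtObject("alice", []), "alice", set(), R),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The Unix cases show why Keskos's Joe problem exists: the only lever below "owner" is the group, so bob gets the same answer as joe, and an owner whose own class is 000 is denied even though her group would allow it. The NT cases show the extra expressiveness (one ACE for joe alone) and its cost: ACE order is part of the policy, and a NULL DACL is the opposite of secure.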

  • msemack

    Tom Malone wrote:
    there is little point having a security model if simple things like patching are not done.


    I agree, if users actually patched their systems, worms like Blaster and Slammer would have been a non-issue.  However, this has nothing to do with the fundamental design of the OS.  Linux has the exact same problem.
     
    Either way, You have yet to demonstrate how Linux is any better at this than Windows.

    Under Windows, updates are free and downloaded automatically.  Once they are downloaded, Windows will start prompting you to install them.  Now, with SP2, not only are they downloaded automatically, but also installed automatically.

    Your Red Hat Enterprise Linux (which costs more than Windows, BTW), just downloads it and waits for you to install.  This is no different than Windows 2000 or Windows XP (pre-SP2).  SP2 actually sounds BETTER than Redhat's system, because it's totally automatic.

    Furthermore, this doesn't seem to be a standard feature across all Linux distributions.

    Also, could you tell me a bit more about the central Redhat repository?  Does it have some sort of digital certificate system?  Are there any mechanisms in place to prevent a hacker from hijacking the Redhat Update Network and sending evil patches to users?  I honestly don't know.

    Final question, is this a free service?  Last I checked, the updates from Redhat cost money.

  • troublefunk

    The SElinux extensions are now part of the mainstream kernel, if you have 2.6, then there is no need to patch.

    You will need to get the user space tools and configure the system to use it though, if you are building from scratch, which is a pain.

    One distro I've used that has it enabled on install is Fedora Core 2. As the rules were all set up, I hardly noticed it. There did not seem to be any extra processing overhead either.

    It is rather complex though, and most user space GUI file manager tools don't let you access the extra groups etc. data; you have to do it from the command line if it's not yer average POSIX permissions.

    The Gentoo guys put a box on the internet where you can ssh in as root anonymously! Because root no longer has to be all powerful, it was a restricted account and you could not break anything!

    I consider the Windows security model excellent as well, if this thread can stay from talking about patching it could be interesting. Lets keep it theoretical!

  • Tom Malone

    Two things: my RHEL WS is about a third of the price of Windows.

    Secondly, though Windows may have access to a potentially better fine grain level of control over file permissions, the actual installation of Windows makes you use the administrator level as a standard user. Linux is designed to stop you using the administrator password, but lets you do it by using sudo, root etc. when you actually need to use it to install a program etc. Windows in many ways encourages you to use an admin account.

  • msemack

    Tom Malone wrote:
    my RHEL WS is about a third of the price of Windows.


    Not to make this thread drift too far from the topic, but I have to ask... How did you get RHEL so cheap? 
    According to Redhat (http://www.redhat.com/apps/commerce/rhel/ws/?), their prices START at $179, and that's for the "basic" version.  The good stuff costs a lot more.  It also looks like the updates only last for 1 year.  Does your employer have a special arrangement with Redhat?  How much does your subscription cost?

    I ask because I can buy XP Pro from Microsoft for $300 (http://www.microsoft.com/products/info/product.aspx?view=22&type=ovr&pcid=2abf99cd-a5e4-469c-802e-55ca8ec542d5), and that's direct from Microsoft, not from a reseller (which has better pricing).  On top of that, Microsoft gives you free updates for the lifecycle of the product, not just 1 year.

    While I won't argue that purchasing a copy of Redhat Enterprise Linux can be cheaper (I didn't realize Redhat had dropped their prices), I don't know how you arrived at that 1/3rd figure.


    Tom Malone wrote:
    Secondly, though Windows may have access to a potentially better fine grain level of control over file permissions, the actual installation of Windows makes you use the administrator level as a standard user. Linux is designed to stop you using the administrator password, but lets you do it by using sudo, root etc. when you actually need to use it to install a program etc. Windows in many ways encourages you to use an admin account.


    One fine point here.  Do not confuse Administrator on Windows with root on a Unix system.  They are actually quite different.  Under Linux/Unix, root is the "god" account.  Once you're root, all security checks stop.  Type "rm -rf /", and nothing will stop you.

    This actually seems to be one of the key points of SELinux, from what I've read.  On an SELinux system, security rules also apply to root.  This makes it more difficult to compromise a system (most exploits work on getting to the root account, because once the system is rooted, it's all over).

    Under Windows, the Administrator account does not have unlimited access.  It can certainly do a lot of damage, but it can not do all that root does.  There are no single commands to destroy the system.  The closest thing you can find to root on a Windows system is SYSTEM, which you can't even log in as.

    On top of that, Windows itself does not force you to run as admin.  Runas makes it easy to impersonate another user, much like sudo.  Some applications are written to require administrative access, which sucks, but again, it's not a Windows design limitation.  It's sloppy 3rd party software development.

    Also, Windows makes a distinction between "local" Administrators and network administrators.  I may be Administrator of my local machine (free to install any software I want, change wallpaper, etc), but does not make me administrator of the entire network.  I can't wipe the server's hard drive.

    This isn't to say that you should let everyone be administrator, at least not in a corporate environment.  You should still make sure that users have their accounts properly locked down.  Home users are another story...
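Mike Dimmick's description of mandatory access control (only the policy administrator can change it; there is no owner) and msemack's point that under SELinux the rules also apply to root, which is what made troublefunk's anonymous-root Gentoo box survivable, come down to one layering rule that is easier to see in code. The following is an added example, not code from the thread or from the SELinux project: a toy of type enforcement stacked on ordinary mode bits. The domains httpd_t and sysadm_t, the types httpd_content_t and shadow_t, the uids and the three policy rules are made up for illustration; a real policy also has roles, MLS levels and constraints, none of which are modelled.

```python
# Added example, not code from the thread: a toy model of a mandatory layer
# (SELinux-style type enforcement) stacked on top of discretionary mode bits.
# The domains httpd_t/sysadm_t, the types httpd_content_t/shadow_t and the
# rules below are made up; a real policy is far larger and also has roles,
# MLS levels and constraints.
from dataclasses import dataclass, replace
from typing import FrozenSet, Tuple

R, W = 4, 2
PERM_BIT = {"read": R, "write": W}


@dataclass(frozen=True)
class Subject:
    uid: int
    domain: str     # the process's SELinux domain, e.g. httpd_t


@dataclass(frozen=True)
class FileObj:
    owner_uid: int
    mode: int       # POSIX bits; only the owner and other classes are modelled
    label: str      # the file's SELinux type, e.g. shadow_t


# Mandatory policy: (source domain, target type, permission). Only the policy
# author installs rules here; a file's owner has no API to add to it.
POLICY: FrozenSet[Tuple[str, str, str]] = frozenset({
    ("httpd_t", "httpd_content_t", "read"),
    ("sysadm_t", "shadow_t", "read"),
    ("sysadm_t", "shadow_t", "write"),
})


def dac_allows(s: Subject, f: FileObj, perm: str) -> bool:
    """Discretionary check: uid 0 bypasses it, and the owner can widen it with chmod."""
    if s.uid == 0:
        return True
    bits = (f.mode >> 6) & 7 if s.uid == f.owner_uid else f.mode & 7
    return bool(bits & PERM_BIT[perm])


def mac_allows(s: Subject, f: FileObj, perm: str) -> bool:
    """Mandatory check: the uid is irrelevant, only (domain, type, perm) matters."""
    return (s.domain, f.label, perm) in POLICY


def access(s: Subject, f: FileObj, perm: str) -> str:
    """Same order as the kernel: DAC first, then the LSM hook. Both must agree."""
    if not dac_allows(s, f, perm):
        return "denied by DAC"
    if not mac_allows(s, f, perm):
        return "denied by MAC"
    return "allowed"


def chmod(f: FileObj, mode: int) -> FileObj:
    """What an owner *can* do: change the discretionary bits. Label and POLICY stay put."""
    return replace(f, mode=mode)


def demo() -> dict:
    """Constructed cases, returned so they can be checked."""
    shadow = FileObj(owner_uid=0, mode=0o600, label="shadow_t")
    webpage = FileObj(owner_uid=48, mode=0o644, label="httpd_content_t")
    www_root = Subject(uid=0, domain="httpd_t")   # root, but confined to the web server's domain
    admin = Subject(uid=0, domain="sysadm_t")
    return {
        "confined_root_reads_webpage": access(www_root, webpage, "read"),
        "confined_root_writes_shadow": access(www_root, shadow, "write"),
        "admin_writes_shadow": access(admin, shadow, "write"),
        "owner_chmod_cannot_override_mac": access(www_root, chmod(shadow, 0o666), "write"),
        "unprivileged_user_denied_by_dac_first": access(Subject(uid=1000, domain="sysadm_t"), shadow, "read"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The case to look at is the second one: a process that is uid 0 sails through the discretionary check, exactly as msemack says root does on plain Unix, and is then stopped by the mandatory layer because its domain has no rule for shadow_t. The fourth case is Mike Dimmick's "no owner" point: chmod widens the DAC bits but cannot touch the label or the policy, so the answer does not change.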

  • eddwo

    There's not really any security difference between Administrator and SYSTEM, just a few things that stop you from shooting yourself in the foot. You can't shut down critical processes like winlogon and csrss because doing so would force the machine to reboot, and you can't browse into "\system volume information" by default, so you can't mess around with your system restore files, but you can easily take ownership of the folder and change the permissions.

    To get a SYSTEM console just use "at (time a minute from now) /INTERACTIVE cmd". You don't need any more security credentials to do this; it's not elevating your privilege level. Administrator is basically full access. Basically, given admin rights there is nothing you can't do.
